A Cyber Attack Which Locks Up Computers Until Users Pay Ransom Money Is Spreading Rapidly In India

A computer virus is currently infecting computers across the world, locking up users’ files. The only way to unlock these files? Pay money to these anonymous hackers in bitcoin.

The attack was discovered yesterday, and was initially thought to be targeting the UK National Health Service. It has spread significantly by then, affecting as many as 45,000 computers worldwide by Friday afternoon. The biggest number of affected computers are in Russia, followed by Ukraine, India, and Taiwan. The attack utilizes a known vulnerability in unpatched Windows systems. The exploit, called EternalBlue, was published in April, and had been preemptively fixed by Microsoft by March. But computers which haven’t updated their software are still vulnerable, and have seen their files locked.

Several Indian users too, have been impacted. Reddit user Fudio_Gawker posted about how his computer had been affected. “Oops, your file have been encrypted!,” said a message on his system. The attack had applied an encryption on his system, meaning that he was unable to access any of his files. But the hackers had given him a way out.

“Sure, we guarantee that you can recover your files safely and easily. But you have not so enough time (sic),” the popup says. The popup also features an ominous timer on the left, which counts down the time since when the computer was affected. The attackers demand that $300 (Rs. 20,000) be sent to them in bitcoin in order for access to be restored to users’ files. In a scenario that looks like it’s out of a Bond movie, the money demanded will automatically double if the amount is not paid within 3 days. The hackers warn that their files will be lost forever if the payment is not made in 7 days.

And people have been paying. A bitcoin wallet reportedly used by the ransomers has been showing numerous incoming transactions of between 0.15 and 0.3 Bitcoin, worth around $250-$500, meaning that people have had no choice but to accede to the the hackers’ demands. Given how hundreds of thousands of computers are expected to be affected by the time the hack wears out, this is a heist that runs into millions of dollars.

Regions affected by the hack

There are no indications on who’s behind the attack, but the popup leaves a few clues. The English used in the popup suggests that it hasn’t been written by a native speaker (“but you have not enough time”). The hack started off in Russia and then spread to Ukraine, indicating that it might have been developed in the region. Russia, coincidentally, is also known for its sophisticated cyber criminals, including the world’s most wanted hacker.

Indian cyber authorities are beginning to respond to the attack. The Cyber Crimes Police Station in Hyderabad posted an urgent message on its Facebook page titled “Emergency”. “There’s a ransomware attack that’s been happening across the globe for the past 14 hours. Already 30% of computers got infected with this including south India (high critical damage),” the message says. The post recommends that users unplug their computers from the internet, and take backups of their important files on external drives. As always, the post recommends that users don’t download unknown attachments and don’t click on suspicious links.

This is a developing story, we’ll update this article as we have more information.